1 Indian firm receiving 5 spear-phishing emails per day: Report

Spear phishing is a highly-personalised form of email attack.

New Delhi: One Indian organisation receives five highly-personalised spear-phishing emails per day, and users at companies with more than a 50 percent remote workforce are witnessing higher levels of suspicious emails, a report has revealed.

India has the highest number of suspicious emails per day and 53 percent of Indian firms were victims of spear-phishing in 2022 and on average, 24 percent had at least one email account compromised through account takeover, according to IT security firm Barracuda Networks.

On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-delivery email threat.

Meanwhile, Indian organisations take 67 hours to detect the attack and 53 hours to respond and remediate after the attack is detected.

“Even though spear phishing is low volume, with its targeted and social engineering tactics, the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating,” said Fleming Shi, CTO, Barracuda.

About 63 percent of Indian respondents that experienced a spear-phishing attack reported machines infected with malware or viruses, 61 percent reported having stolen login credentials or account takeover and 56 percent reported having sensitive data stolen, the report noted.

Spear phishing is a highly-personalised form of email attack.

Spear-phishing emails typically try to steal sensitive information, such as login credentials or financial information, which is then used to commit fraud, identity theft, and other crimes.

Spear-phishing attacks make up only 0.1 percent of all email-based attacks, according to Barracuda data, but they are responsible for 66 percent of all breaches, the findings showed.

“Users at companies with more than a 50 percent remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50 percent remote workforce,” the findings showed.

Overall, the research revealed that cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

“To help stay ahead of these highly effective attacks, businesses must invest in account takeover protection solutions with artificial intelligence capabilities,” said Shi.

Back to top button